System and Method for Automatically Securing Sensitive Data in Public Cloud Using a Serverless Architecture

1. A system comprising a cloud compute service for executing jobs immediately upon receipt of a notification, the cloud compute service comprising: one or more hardware processors; and a memory unit storing instructions executable by the one or more hardware processors to perform operations comprising: receiving, at a cloud compute service, a notification that a sensitive file comprising sensitive data has been received at a file receipt location, the sensitive file being sent by a client device; generating, by the cloud compute service, a container instance in response to the notification; retrieving, by the container instance, the sensitive file from the file receipt location; generating, by the container instance, a stripped file by stripping the sensitive data from the sensitive file based on a configuration file; transmitting, by the container instance, the stripped file to a storage location; deleting the sensitive file and associated file pointers from the file receipt location; and terminating the container instance, wherein terminating the container instance comprises deleting files comprising sensitive data and associated file pointers.

2. The system of claim 1 , wherein stripping comprises: replacing the sensitive data with at least one of aggregate data or encrypted data.

3. The system of claim 1 , wherein the operations further comprise: decoding, by the container instance, the sensitive file before stripping the sensitive data; and encoding, by the container instance, the stripped file before transmitting the stripped file to a storage location.

4. The system of claim 1 , wherein the operations further comprise: receiving, at the cloud compute service, from the file receipt location, the configuration file.

5. The system of claim 1 , wherein the stripping comprises partial stripping.

6. The system of claim 1 , wherein the configuration file comprises at least one of a field name, a string location, or a string length associated with the sensitive data.

7. The system of claim 1 , wherein: the sensitive file comprises metadata and tags, the metadata and tags being added by the file receipt location; and the stripping is further based on the metadata and tags.

8. The system of claim 1 , wherein: the sensitive data comprises information associated with a transaction; and the stripped file is Payment Card Industry compliant.

9. The system of claim 1 , wherein terminating the container instance further comprises wiping data by overwriting memory blocks.

10. The system of claim 1 , wherein the operations further comprise: transmitting, by the container instance, the stripped file to a second storage location.

11. The system of claim 1 , wherein generating the stripped file further comprises: performing data analysis on data contained in the sensitive file; and including a result of the data analysis in the stripped file.

12. The system of claim 1 , wherein deleting the sensitive file from the file receipt location comprises: sending, by the cloud compute service, an instruction to the file receipt location, the instruction comprising a command to destroy the sensitive file.

13. The system of claim 12 , wherein destroying the sensitive file comprises: immediately marking the sensitive file for permanent deletion; and permanently deleting the sensitive file and associated file pointers at a later point in time.

14. The system of claim 1 , wherein retrieving the sensitive file from the file receipt location comprises: automatically receiving, by the container instance and from the file receipt location, the sensitive file.

15. The system of claim 1 , wherein: the notification comprises a file identifier of the sensitive file; and retrieving the sensitive file from the file receipt location comprises: sending a request to the file receipt location, the request comprising the file identifier and an authentication credential; and receiving the sensitive file in response to the request.

16. The system of claim 1 , wherein the sensitive file is one of a plurality of sensitive files received in a stream at file receipt location.

17. The system of claim 1 , wherein, prior to terminating the container instance, the operations further comprise, generating, by the container instance, a second stripped file by stripping the sensitive data from the sensitive file based on a configuration file, the second stripped file comprising different information than the first stripped file, transmitting, by the container instance, the second stripped file to a second storage location, the second storage location being different from the first storage location.

18. The system of claim 1 , the operations further comprising: generating, by the container instance, a report, the report comprising at least one of a job status or an error message; and sending, by the container instance, the report to the cloud compute service.

19. A method comprising: receiving, at a cloud compute service, a notification that a sensitive file comprising sensitive data has been received at a file receipt location, the sensitive file being sent by a client device; generating, by the cloud compute service, a container instance in response to the notification; retrieving, by the container instance, the sensitive file from the file receipt location; generating, by the container instance, a stripped file by stripping the sensitive data from the sensitive file based on a configuration file; transmitting, by the container instance, the stripped file to a storage location; deleting the sensitive file and associated file pointers from the file receipt location; and terminating the container instance, wherein terminating the container instance comprises deleting files comprising sensitive data and associated file pointers.

20. A non-transitory computer readable medium having stored instructions, which when executed, cause at least one processor to perform operations comprising: receiving a notification that a sensitive file comprising sensitive data has been received at a file receipt location, the sensitive file being sent by a client device; generating a container instance in response to the notification; retrieving, by the container instance, the sensitive file from the file receipt location; generating, by the container instance, a stripped file by stripping the sensitive data from the sensitive file based on a configuration file; transmitting, by the container instance, the stripped file to a storage location; deleting the sensitive file and associated file pointers from the file receipt location; and terminating the container instance, wherein terminating the container instance comprises deleting files comprising sensitive data and associated file pointers.